DRIU -- DNS Resolver Identification and Use (DRIU).

 

About DRIU
English (USA)

A list to discuss DNS Resolver Identification and Use.

The IETF has added additional methods for DNS stub resolvers to get to
recursive resolvers (notably DNS-over-TLS, RFC 7858), and is about to add
another (DNS-over-HTTPS, from the DOH Working Group). As these have been
developed, questions have been raised about how to identify these resolvers
from protocols such as DHCP and DHCPv6, what the security properties these
transports have in various configurations (such as between strict security
and opportunistic security), and what it means for a user who has multiple
resolvers configured when the elements of the configured set have different
transports and security properties.

Some of the topics that would be on-topic would be:
*
​ ​
How to identify DNS-over-different-transport in protocols such as DHCP, and
in user-accessible configuration
*
​ ​
Security properties of the various flavors of transport-secured DNS
*
​ ​
TLS authentication when the identifier is an IP address (which is most
common for identifying DNS resolvers)
*
​ ​
How resolvers can express their capabilities to clients who might care
(such as "this resolver does DNSSEC validation" or "this resolver passes
client subnet information to authoritative servers")
*
​ ​
Identifying a resolver in the "dns:" URI scheme in RFC 4501. A related
question is whether there should be a "dnss:" URI scheme whose semantics
mean "Look up this name, but only use a secure DNS server", where "secure"
would need to be defined.

To see the collection of prior postings to the list, visit the DRIU Archives or DRIU MHonArc Archives.

Using DRIU
To post a message to all the list members, send email to driu@ietf.org.

You can subscribe to the list, or change your existing subscription, in the sections below.

Subscribing to DRIU

Subscribe to DRIU by filling out the following form. You will be sent email requesting confirmation, to prevent others from gratuitously subscribing you. This is a private list, which means that the list of members is not available to non-members.

    Your email address:  
    Your name (optional):  
    You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext.

    If you choose not to enter a password, one will be automatically generated for you, and it will be sent to you once you've confirmed your subscription. You can always request a mail-back of your password when you edit your personal options.
    Pick a password:  
    Reenter password to confirm:  
    Which language do you prefer to display your messages? English (USA)  
    Would you like to receive list mail batched in a daily digest? No Yes
DRIU Subscribers
(The subscribers list is only available to the list members.)

Enter your address and password to visit the subscribers list:

Address: Password:   

To unsubscribe from DRIU, get a password reminder, or change your subscription options enter your subscription email address:

If you leave the field blank, you will be prompted for your email address


DRIU list run by driu-owner at ietf.org
DRIU administrative interface (requires authorization)
Overview of all ietf.org mailing lists

Delivered by Mailman
version 2.1.26
Python Powered GNU's Not Unix